[waydroid.git] / data / configs / apparmor_profiles / lxc-waydroid
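#include <tunables/global>

# Profile lxc-waydroid (data/configs/apparmor_profiles/lxc-waydroid).
# Judging by its name it is meant to be applied to the Waydroid LXC
# container; the android_app and adbd profiles referenced below are not
# defined in this file.
#
# Flags:
#   attach_disconnected - paths that cannot be resolved to the namespace
#                         root are attached to "/" so they can still be
#                         matched by the rules below.
#   mediate_deleted     - accesses to already-deleted files are mediated.
#   complain            - NOTE(review): complain mode only LOGS accesses that
#                         the rules would not allow; it does not deny them.
#                         This profile has no explicit deny rules, so as
#                         written it restricts nothing at runtime. Drop
#                         `complain` once the logs are clean if enforcement
#                         is intended.
profile lxc-waydroid flags=(attach_disconnected, complain, mediate_deleted) {
  #include <abstractions/base>

  # Every path may be executed and inherits this profile (ix), so no binary
  # ends up more tightly confined unless one of the Pix rules below matches.
  /** ix,

  # Pix: transition to the named profile (environment scrubbed), falling back
  # to inheriting this profile if the target is not loaded. The targets are
  # stacks (//&) of lxc-waydroid with android_app or adbd.
  /system/bin/app_process Pix -> lxc-waydroid//&android_app,
  /system/bin/app_process32 Pix -> lxc-waydroid//&android_app,
  /system/bin/app_process64 Pix -> lxc-waydroid//&android_app,
  /system/bin/adbd Pix -> lxc-waydroid//&adbd,

  # Unrestricted networking and unix-socket use (no family, type or peer
  # conditions).
  network,
  unix,

  # File rules.
  # NOTE(review): patterns such as /dev** have no slash before the glob, so
  # they also match sibling names that merely start with the same prefix
  # (for example a path /devfoo). Tightening them to "/dev/ ..." plus
  # "/dev/** ..." would need testing against the container, so they are left
  # as written.
  # NOTE(review): `owner /proc** rw,` is fully covered by the unconditional
  # `/proc** rw,` further down, and `/acct rwkl,` by `/acct** rwkl,`.
  owner /proc** rw,
  / r,
  /** r,
  /acct** rwkl,
  /acct rwkl,
  /storage** rwkl,
  /data** rwkl,
  /proc** rw,
  /sys** rw,
  # The original listed `/dev** rw,` twice; the duplicate was dropped.
  /dev** rw,
  /tmp** rw,
  /var** rw,
  /run** rw,
  /mnt** rw,
  /apex** rwk,
  /sbin** rw,
  /linkerconfig** rwk,
  /system** k,

  # Any mount / umount operation, with no source, target or fstype
  # conditions.
  mount,
  umount,

  # Capabilities.
  # NOTE(review): sys_admin, sys_module, sys_ptrace, mknod, dac_override and
  # dac_read_search together with the write access to /dev**, /proc** and
  # /sys** above mean that, even in enforce mode, this profile would not be a
  # meaningful boundary against a root process in the container. Isolation
  # has to come from other layers (namespaces, seccomp, cgroup device rules),
  # none of which are visible in this file. sys_module in particular should
  # be confirmed as required before it is kept.
  # The original listed `capability wake_alarm,` twice; the duplicate was
  # dropped.
  capability sys_nice,
  capability wake_alarm,
  capability setpcap,
  capability setgid,
  capability setuid,
  capability sys_ptrace,
  capability sys_admin,
  capability block_suspend,
  capability sys_time,
  capability net_admin,
  capability net_raw,
  capability net_bind_service,
  capability kill,
  capability dac_override,
  capability dac_read_search,
  capability fsetid,
  capability mknod,
  capability syslog,
  capability chown,
  capability sys_resource,
  capability fowner,
  capability sys_module,
  capability ipc_lock,
  capability sys_chroot,

  # ptrace is limited to peers running under this profile or one of the two
  # stacks.
  ptrace (read,readby,trace,tracedby) peer=lxc-waydroid,
  ptrace (read,readby,trace,tracedby) peer=android_app//&lxc-waydroid,
  ptrace (read,readby,trace,tracedby) peer=adbd//&lxc-waydroid,

  # Signals may be sent only to the listed peers. The last rule has no peer
  # condition, so signals are accepted from any sender.
  signal (send,receive) peer=lxc-waydroid,
  signal (send,receive) peer=android_app//&lxc-waydroid,
  signal (send) peer=adbd//&lxc-waydroid,
  signal (receive),

}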